LloydLabs / wsb-detect

Related projects ⓘ

Alternatives and complementary repositories for wsb-detect

• LloydLabs / delete-self-poc
  A way to delete a locked file, or current running executable, on disk.
  ☆496Updated 3 months ago
• antonioCoco / Mapping-Injection
  Just another Windows Process Injection
  ☆389Updated 4 years ago
• monoxgas / Koppeling
  Adaptive DLL hijacking / dynamic export forwarding
  ☆724Updated 4 years ago
• bats3c / Ghost-In-The-Logs
  Evade sysmon and windows event logging
  ☆611Updated 4 years ago
• xuanxuan0 / DripLoader
  Evasive shellcode loader for bypassing event-based injection detection (PoC)
  ☆715Updated 3 years ago
• RedSection / OffensivePH
  OffensivePH - use old Process Hacker driver to bypass several user-mode access controls
  ☆329Updated 3 years ago
• hasherezade / process_ghosting
  Process Ghosting - a PE injection technique, similar to Process Doppelgänging, but using a delete-pending file instead of a transacted fi…
  ☆631Updated 8 months ago
• hasherezade / transacted_hollowing
  Transacted Hollowing - a PE injection technique, hybrid between ProcessHollowing and ProcessDoppelgänging
  ☆519Updated 8 months ago
• sailay1996 / UAC_Bypass_In_The_Wild
  Windows 10 UAC bypass for all executable files which are autoelevate true .
  ☆635Updated 4 years ago
• forrest-orr / phantom-dll-hollower-poc
  Phantom DLL hollowing PoC
  ☆350Updated 2 years ago
• ionescu007 / faxhell
  A Bind Shell Using the Fax Service and a DLL Hijack
  ☆322Updated 4 years ago
• mandiant / DueDLLigence
  ☆462Updated last year
• itm4n / Perfusion
  Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)
  ☆409Updated 3 years ago
• AzAgarampur / byeintegrity-uac
  Bypass UAC by hijacking a DLL located in the Native Image Cache
  ☆207Updated 2 years ago
• Cr4sh / MicroBackdoor
  Small and convenient C2 tool for Windows targets. [ Русский -- значит нахуй! ]
  ☆564Updated 2 years ago
• D4stiny / spectre
  A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.
  ☆685Updated 4 years ago
• med0x2e / GadgetToJScript
  A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from …
  ☆870Updated 3 years ago
• hasherezade / process_overwriting
  Yet another variant of Process Hollowing
  ☆354Updated 8 months ago
• itm4n / UsoDllLoader
  Windows - Weaponizing privileged file writes with the Update Session Orchestrator service
  ☆378Updated 4 years ago
• MythicAgents / Apollo
  A .NET Framework 4.0 Windows Agent
  ☆452Updated this week
• wietze / windows-dll-hijacking
  Project for identifying executables and DLLs vulnerable to relative path DLL hijacking.
  ☆439Updated 5 months ago
• med0x2e / SigFlip
  SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature…
  ☆1,081Updated last year
• med0x2e / ExecuteAssembly
  Load/Inject .NET assemblies by; reusing the host (spawnto) process loaded CLR AppDomainManager, Stomping Loader/.NET assembly PE DOS head…
  ☆544Updated 3 years ago
• deepinstinct / LsassSilentProcessExit
  Command line interface to dump LSASS memory to disk via SilentProcessExit
  ☆442Updated 3 years ago
• FSecureLABS / Ninjasploit
  A meterpreter extension for applying hooks to avoid windows defender memory scans
  ☆239Updated 4 years ago
• aaaddress1 / PR0CESS
  some gadgets about windows process and ready to use :)
  ☆573Updated last year
• padovah4ck / CVE-2020-0683
  CVE-2020-0683 - Windows MSI “Installer service” Elevation of Privilege
  ☆339Updated 2 years ago
• sh4hin / GoPurple
  Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions
  ☆477Updated 3 years ago
• p3nt4 / Nuages
  A modular C2 framework
  ☆396Updated last month